Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Thursday, 26 Apr 18 - Tux Machines is a community-driven public service/news site which has been around for over a decade and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Quick Roundup

Type Title Author Replies Last Postsort icon
Story Devices: 'Open' Hardware and Android Roy Schestowitz 26/04/2018 - 2:14pm
Story Security: Amazon, Windows, and Email security in 2018 Roy Schestowitz 26/04/2018 - 12:34pm
Story Graphics Leftovers Roy Schestowitz 26/04/2018 - 12:33pm
Story Games Leftovers Roy Schestowitz 26/04/2018 - 10:29am
Story Android Leftovers Rianne Schestowitz 26/04/2018 - 9:38am
Story What Stratis learned from ZFS, Btrfs, and Linux Volume Manager Rianne Schestowitz 26/04/2018 - 9:30am
Story 3 questions about Kata Containers answered Rianne Schestowitz 26/04/2018 - 9:27am
Story How to Upgrade from Ubuntu 17.10 or Ubuntu 16.04 LTS to Ubuntu 18.04 LTS Rianne Schestowitz 26/04/2018 - 12:24am
Story Best Linux apps of 2018 Rianne Schestowitz 26/04/2018 - 12:19am
Story Things to do After Installing Ubuntu 18.04 itsfoss 25/04/2018 - 10:10pm

Mozilla: Rust, Security, Things Gateway, Firefox and More

Filed under
Moz/FF
  • Rust pattern: Precise closure capture clauses

    This is the second in a series of posts about Rust compiler errors. Each one will talk about a particular error that I got recently and try to explain (a) why I am getting it and (Cool how I fixed it. The purpose of this series of posts is partly to explain Rust, but partly just to gain data for myself. I may also write posts about errors I’m not getting – basically places where I anticipated an error, and used a pattern to avoid it. I hope that after writing enough of these posts, I or others will be able to synthesize some of these facts to make intermediate Rust material, or perhaps to improve the language itself.

  • This Week in Rust
  • Mozilla publishes recommendations on government vulnerability disclosure in Europe

    As we’ve argued on many occasions, effective government vulnerability disclosure (GVD) review processes can greatly enhance cybersecurity for governments, citizens, and companies, and help mitigate risk in an ever-broadening cyber threat landscape. In Europe, the EU is currently discussing a new legislative proposal to enhance cybersecurity across the bloc, the so-called ‘EU Cybersecurity Act’. In that context, we’ve just published our policy recommendations for lawmakers, in which we call on the EU to seize the opportunity to set a global policy norm for government vulnerability disclosure.

  • Testing Strategies for React and Redux
  • K Lars Lohn: Things Gateway - a Virtual Weather Station
  • Firefox DevEdition 60 Beta 14 Testday Results

    As you may already know, last Friday – April 20th – we held a new Testday event, for Firefox DevEdition 60 Beta 14.

    Thank you all for helping us make Mozilla a better place: gaby2300, micde, Jarrod Michell, Thomas Brooks.

  • Supporting Same-Site Cookies in Firefox 60

    Firefox 60 will introduce support for the same-site cookie attribute, which allows developers to gain more control over cookies. Since browsers will include cookies with every request to a website, most sites rely on this mechanism to determine whether users are logged in.

    Attackers can abuse the fact that cookies are automatically sent with every request to force a user to perform unwanted actions on the site where they are currently logged in. Such attacks, known as cross-site request forgeries (CSRF), allow attackers who control third-party code to perform fraudulent actions on the user’s behalf. Unfortunately current web architecture does not allow web applications to reliably distinguish between actions initiated by the user and those that are initiated by any of the third-party gadgets or scripts that they rely on.

  • Enterprise Policy Support in Firefox

    Last year, Mozilla ran a survey to find out top enterprise requirements for Firefox. Policy management (especially Windows Group Policy) was at the top of that list.

    For the past few months we’ve been working to build that support into Firefox in the form of a policy engine. The policy engine adds desktop configuration and customization features for enterprise users to Firefox. It works with any tool that wants to set policies including Windows Group Policy.

  • any.js

    Thanks to Ms2ger web-platform-tests is now even more awesome (not in the American sense). To avoid writing HTML boilerplate, web-platform-tests supports .window.js, .worker.js, and .any.js resources, for writing JavaScript that needs to run in a window, dedicated worker, or both at once. I very much recommend using these resource formats as they ease writing and reviewing tests and ensure APIs get tested across globals.

  • Alex Gibson: My fifth year working at Mozilla

    Today marks my fifth year working for Mozilla! This past year has been both fun and frantic, and overall was a really good year for both Mozilla and Firefox. Here’s a run down a few of the things I got to work on.

Fedora Workstation 28 Coming Soon

Filed under
Red Hat
  • Warming up for Fedora Workstation 28

    Been some time now since my last update on what is happening in Fedora Workstation and with current plans to release Fedora Workstation 28 in early May I thought this could be a good time to write something. As usual this is just a small subset of what the team has been doing and I always end up feeling a bit bad for not talking about the avalanche of general fixes and improvements the team adds to each release.

  • Fedora Workstation 28 Is Shaping Up To Be Another Terrific Update

    Fedora Workstation 28 is shaping up to be another compelling update for those that are fans of this bleeding-edge Red Hat sponsored Linux distribution. I've been running Fedora Workstation 28 snapshots on a few laptops and test machines here and am quite happy with how it's shaped up as another Fedora release that delivers not only the latest features, but doing so in a seemingly sane and stable manner: I haven't encountered any problems unlike some of the past notorious Fedora releases from years ago. Overall, I am quite excited for next month's Fedora 28 release and will be upgrading my main production system to it.

Configuring local storage in Linux with Stratis

Filed under
Linux

Configuring local storage is something desktop Linux users do very infrequently—maybe only once, during installation. Linux storage tech moves slowly, and many storage tools used 20 years ago are still used regularly today. But some things have improved since then. Why aren't people taking advantage of these new capabilities?

This article is about Stratis, a new project that aims to bring storage advances to all Linux users, from the simple laptop single SSD to a hundred-disk array. Linux has the capabilities, but its lack of an easy-to-use solution has hindered widespread adoption. Stratis's goal is to make Linux's advanced storage features accessible.

Read more

5 top Blender video tutorials for beginners

Filed under
OSS

Blender is a complex piece of software that is capable of producing extremely high-quality visuals for all manner of visual art purposes, from video games to product visualization. Of course, that power needs to be wielded by a controlled hand. Otherwise, you'll end up with a mush of digital geometry that makes no sense at all.

These days, video tutorials are the educational tool of choice for most people. I'm going to give you five of the best free beginner video tutorials for Blender currently available. I recommend you watch all of them. They all cover a lot of the same information. However, every instructor has a different way of presenting. Stick with the one that clicks with you.

Read more

Cinnamon 3.8 Desktop Environment Released with Python 3 Support, Improvements

Filed under
Linux

Scheduled to ship with the upcoming Linux Mint 19 "Tara" operating system series this summer, the Cinnamon 3.8 desktop environment is now available for download and it's a major release that brings numerous improvements, new features, and lots of Python 3 ports for a bunch of components.

Among the components that got ported to Python 3 in the Cinnamon 3.8 release, we can mention cinnamon-settings, cinnamon-menu-editor, cinnamon-desktop-editor, cinnamon-settings-users, melange, background slideshow, the switch editor and screensaver lock dialogs, desktop file generation scripts, as well as all the utilities.

Read more

Canonical Releases Kernel Security Updates for Ubuntu 17.10 and Ubuntu 16.04 LTS

Filed under
Security
Ubuntu

For Ubuntu 17.10 (Artful Aardvark) users, today's security update addresses a bug (CVE-2018-8043) in Linux kernel's Broadcom UniMAC MDIO bus controller driver, which improperly validated device resources, allowing a local attacker to crash the vulnerable system by causing a denial of service (DoS attack).

For Ubuntu 16.04 LTS (Xenial Xerus) users, the security patch fixes a buffer overread vulnerability (CVE-2017-13305) in Linux kernel's keyring subsystem and an information disclosure vulnerability (CVE-2018-5750) in the SMBus driver for ACPI Embedded Controllers. Both issues could allow a local attacker to expose sensitive information.

Read more

Security: Updates, Reproducible Builds, Match.com and More

Filed under
Security
  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #156
  • A Match.com glitch reactivated a bunch of old profiles, raising concerns about user data

    A Match Group spokesperson confirmed that a “limited number” of old accounts had been accidentally reactivated recently and that any account affected received a password reset. Match.com’s current privacy statement, which was last updated in 2016, says that the company can “retain certain information associated with your account” even after you close it. But that Match Group spokesperson also told The Verge that the company plans to roll out a new privacy policy “in the next month or so,” in order to comply with the EU’s General Data Protection Regulation (GDPR); under the new policy, all those years-old accounts will be deleted. The Verge has requested clarification on which accounts will qualify for deletion, and what “deletion” will specifically entail, but has not received a response as of press time.

  • New hacks siphon private cryptocurrency keys from airgapped wallets

    Like most of the other attacks developed by Ben-Gurion University professor Mordechai Guri and his colleagues, the currency wallet exploits start with the already significant assumption that a device has already been thoroughly compromised by malware. Still, the research is significant because it shows that even when devices are airgapped—meaning they aren't connected to any other devices to prevent the leaking of highly sensitive data—attackers may still successfully exfiltrate the information. Past papers have defeated airgaps using a wide array of techniques, including electromagnetic emissions from USB devices, radio signals from a computer's video card, infrared capabilities in surveillance cameras, and sounds produced by hard drives.

  • New hacker group targets US health-care industry, researchers say

    The group, which Symantec has named “Orangeworm,” has been installing backdoors in large international corporations based in the U.S., Europe and Asia that operate in the health-care sector.

    Among its victims are health-care providers and pharmaceutical companies, as well as IT companies and equipment manufacturers that work for health organizations.

Graphics: VC4 and AMDVLK Driver

Filed under
Graphics/Benchmarks
  • VC4 display, VC5 kernel submitted

    For VC5, I renamed the kernel driver to “v3d” and submitted it to the kernel. Daniel Vetter came back right away with a bunch of useful feedback, and next week I’m resolving that feedback and continuing to work on the GMP support.

    On the vc4 front, I did the investigation of the HDL to determine that the OLED matrix applies before the gamma tables, so we can expose it in the DRM for Android’s color correction. Stefan was also interested in reworking his fencing patches to use syncobjs, so hopefully we can merge those and get DRM HWC support in mainline soon. I also pushed Gustavo’s patch for using the new core DRM infrastructure for async cursor updates. This doesn’t simplify our code much yet, but Boris has a series he’s working on that gets rid of a lot of custom vc4 display code by switching more code over to the new async support.

  • V3D DRM Driver Revised As It Works To Get Into The Mainline Kernel

    Eric Anholt of Broadcom has sent out his revised patches for the "V3D" DRM driver, which up until last week was known as the VC5 DRM driver.

    As explained last week, the VC5 driver components are being renamed to V3D since it ends up supporting more than just VC5 with Broadcom VC6 hardware already being supported too. Eric is making preparations to get this VideoCore driver into the mainline Linux kernel and he will then also rename the VC5 Gallium3D driver to V3D Gallium3D.

  • AMDVLK Driver Gets Fixed For Rise of the Tomb Raider Using Application Profiles

    With last week's release of Rise of the Tomb Raider on Linux ported by Feral Interactive, when it came to Radeon GPU support for this Vulkan-only Linux game port the Mesa RADV driver was supported while the official AMDVLK driver would lead to GPU hangs. That's now been fixed.

    With the latest AMDVLK/XGL source code as of today, the GPU hang issue for Rise of the Tomb Raider should now be resolved.

AMD Ryzen 7 2700X Linux Performance Boosted By Updated BIOS/AGESA

Filed under
Graphics/Benchmarks
Hardware

With last week's initial launch-day Linux benchmarks of the Ryzen 5 2600X / Ryzen 7 2700X some found the Linux performance to be lower than Windows. While the root cause is undetermined, a BIOS/AGESA update does appear to help the Linux performance significantly at least with the motherboard where I've been doing most of my tests with the Ryzen 7 2700X. Here are the latest benchmark numbers.

Read more

GNU: The GNU C Library 2.28 and Guix on Android

Filed under
GNU
  • Glibc 2.28 Upstream Will Build/Run Cleanly On GNU Hurd

    While Linux distributions are still migrating to Glibc 2.27, in the two months since the release changes have continued building up for what will eventually become the GNU C Library 2.28.

    The Glibc 2.28 work queued thus far isn't nearly as exciting as all the performance optimizations and more introduced with Glibc 2.27, but it's a start. Most notable at this point for Glibc 2.28 is that it will now build and run cleanly on GNU/Hurd without requiring any out-of-tree patches. There has been a ton of Hurd-related commits to Glibc over the past month.

  • Guix on Android!

    Last year I thought to myself: since my phone is just a computer running an operating system called Android (or Replicant!), and that Android is based on a Linux kernel, it's just another foreign distribution I could install GNU Guix on, right? It turned out it was absolutely the case. Today I was reminded on IRC of my attempt last year at installing GNU Guix on my phone. Hence this blog post. I'll try to give you all the knowledge and commands required to install it on your own Android device.

  • GNU Guix Wrangled To Run On Android

    The GNU Guix transactional package manager can be made to run on Android smartphones/tablets, but not without lots of hoops to jump through first.

Node.js 10.9 and npm milestone

Filed under
Development
  • Open Source Node.js Hits v10, with Better Security, Performance, More

    Speaking of which, the brand-new Node.js 10.0 is expected to soon support npm version 6 (currently Node.js ships with npm 5.7.x). The company npm Inc., which maintains the npm software package management application, today announced that major update, called npm@6. The npm company said its JavaScript software installer tool includes new security features for developers working with open source code.

  • Announcing npm@6

    In coordination with today’s announcement of Node.js v10, we’re excited to announce npm@6. This major update to npm includes powerful new security features for every developer who works with open source code. Read on to understand why this matters.

Voyage/Open Autonomous Safety (OAS) Now on GitHub

Filed under
OSS
  • Voyage open-sources autonomous driving safety practices

    Dubbed Open Autonomous Safety, the initiative aims to help autonomous driving startups implement better safety-testing practices. Companies looking to access the documents, safety procedures and test code can do so via a GitHub repository.

  • Open-Sourcing Our Approach to Autonomous Safety

    Without a driver to help identify and mitigate failures, autonomous vehicle systems need incredibly robust safety requirements and an equally comprehensive and well-defined process for analyzing risks and assessing capabilities. Voyage models its safety approach after the ISO 26262 standard for automotive safety, taking the best practices from the automotive industry and applying them to autonomous technology. The automotive industry continues to reach for new levels of safety in manufacturing vehicles, and we are inspired by that approach.

  • Startup Voyage Wants to Open Source Self-Driving Car Safety

    Under what the company calls its Open Autonomous Safety initiative, Voyage is publishing information on its safety procedures, materials, and test code in a series of releases. The goal is to create an open-source library of safety procedures that multiple companies can use as a standard, a Voyage blog post said.

  • This startup’s CEO wants to open-source self-driving car safety testing

    The initial release, which Voyage calls Open Autonomous Safety (OAS), will take the form of a GitHub repository containing documents and code. The functional safety requirements are Voyage's interpretation of the ISO 26262 standard for automotive safety, updated for autonomous vehicles. "This is our internal driving test for any particular software build," says Cameron. "It lets us evaluate our designs and look for the different ways they can fail in the real world."

Programming: Qt 5.9.5 and Jakarta EE

Filed under
Development

Red Hat News and Releases

Filed under
Red Hat
  • Announcing new product updates of CDK 3.4, DevStudio 11.3, DevSuite 2.3

    We’re extremely pleased to announce additions and updates to our suite of Red Hat Developers desktop tooling products, including Container Development Kit 3.4, JBoss Developer Studio 11.3, and our DevSuite 2.3 installer. These updates are a continuation of our efforts to increase developer usability, while adding new features that matter most for users of Red Hat platforms and technologies.

  • Announcing Developer Studio 11.3.0.GA, JBoss Tools 4.5.3 for Eclipse Oxygen.3a
  • Red Hat introduces JDK 10

    Java™ 10 is now supported with Red Hat JBoss Developer Studio 11.3.

    Please note that Red Hat JBoss Developer Studio does not run on a Java™ 9/10 virtual machine, but allows for managing and building of Java™ 9/10 projects and artifacts. So, you must first define in your workspace a Java™ 9/10 JDK if you want to manage and build Java™ 9/10 projects.

  • Give the gift of revealing your insecurities

    A few weeks ago, I was having a discussion with a fellow manager on my team. This person reports to someone who reports to me, generally has a different set of concerns than I do, and therefore holds a unique perspective on the challenges we face. I'd been digressing on a hypothetical course of action when the manager interrupted me to say, "Excuse me, I just want to say that I'm not comfortable with the direction this is going in." I immediately stopped talking and thought about what I'd been saying. I tried to explain what I meant, to give more context, and to go at it from a different angle. The manager also shared some context and perspective, which helped me understand the discomfort.

  • A (Belated) Happy 25th to Red Hat: So, What Does the Future Hold?

    Better late than never: last month Red Hat celebrated 25 years. (The cake and candles may seem like ancient history to Jim Whitehurst, CEO of the open source pioneer, but we believe in prolonging anything involving icing.) Jim spoke with Computer Business Review; looking both back on 25 years of Red Hat and to the future.

  • Top Badgers of 2017: Carl George

Eclipse Foundation Unveils New Cloud Native Java Future with Jakarta EE

Filed under
Development
  • Eclipse Foundation Unveils New Cloud Native Java Future with Jakarta EE

    The Eclipse Foundation, the platform for open collaboration and innovation, today unveiled the new open source governance model and a “cloud native Java” path forward for Jakarta EE, the new community-led platform created from the contribution of Java EE. In September 2017, Oracle announced that it was transferring the future of Java EE technologies to the Eclipse Foundation, to make the process of evolving its standards “more agile, flexible and open.”

  • Eclipse Foundation Pursuing "Cloud Native" Java With Jakarta EE

    Following Oracle offloading Java EE to the Eclipse Foundation and then renaming the project to Jakarta EE, we now know more about the future of this Java Enterprise Edition.

  • Eclipse Foundation's New Open-Source Governance Model for Jakarta EE, Turris MOX Modular Router Campaign and More

    The Eclipse Foundation announced today a new open-source governance model and "a 'cloud native Java' path forward for Jakarta EE, the new community-led platform created from the contribution of Java EE." According to the press release, with this move to the community-driven open-source governance model, "Jakarta EE promises faster release and innovation cycles." See https://jakarta.ee for more details or to join the Jakarta EE Working Group.

Ubuntu: Ora as a Snap, Community Theme, and LXD

Filed under
Ubuntu
  • Ora as a snap: ensuring users are benefiting from the latest version

    Ora is a user-friendly task management service with integrated time-tracking, reports, list view, git integrations and many other features. Often referred to by users as ‘the sweet spot between Trello and Jira’, Ora provides almost a complete match of Jira’s feature set but in a new and more accessible way.

    Last month, Ora launched their application as a snap and thereby broadening out their reach across the Linux user base. We spoke to Nikolay Mihaylov, co-founder at Ora, who told us more about their reasons to publish a snap and how it will help Ora move forward.

  • Welcome To The (Ubuntu) Bionic Age: Behind communitheme: interviewing Merlijn

    As discussed last week when unveiling the communitheme snap for ubuntu 18.04 LTS, here is a suite of interview this week on some members of the core contributor team shaping this entirely community-driven theme.

    Today is the turn of Merlijn, merlijn-sebrechts on the community hub.

  • LXD weekly status #44

    Another week of bugfixes for us as more and more people update to the 3.0 releases!

    Quite a bit of work went into improving the handling of the two database in LXD 3.0, making it easier for us to debug issues and provide fixes to our users when something goes wrong. Work is also continuing on the new backup/restore API for LXD with it hopefully landing later this week.

    We’re also excited to see LXD debuts on the Chromebooks through the new Crostini feature. This also led to a minor change to LXD to allow restricting users to unprivileged containers as was needed for those users.

AV Linux Multimedia-Focused OS Gets New Stable Release with Meltdown Patches

Filed under
GNU
Linux
Security

AV Linux, the open-source GNU/Linux distribution designed for multimedia content creation, has been updated recently to version 2018.4.2, a release that adds Meltdown mitigations, updated components, and various other enhancements.

Probably the most important change in the AV Linux 2018.4.2 release is the implementation of the KPTI (Kernel page-table isolation) patch to protect users against the Meltdown security vulnerability, but only for 64-bit installations. The distribution is now powered by the long-term supported Linux 4.9.76 kernel, and users can disable the KPTI patch at boot.

Read more

Syndicate content

More in Tux Machines

Critical Live Boot Bug Fixed and Ubuntu 18.04 is Finally Released

A critical bug in live boot session delayed Ubuntu 18.04 LTS release for several hours. The bug has been fixed and the ISO are available to download. Read more

Nintendo Switch hack + Dolphin Emulator could bring GameCube and Wii game support

This week security researchers released details about a vulnerability affecting NVIDIA Tegra X1 processors that makes it possible to bypass secure boot and run unverified code on some devices… including every Nintendo Switch game console that’s shipped to date. Among other things, this opens the door for running modified versions of Nintendo’s firmware, or alternate operating systems such as a GNU/Linux distribution. And if you can run Linux… you can also run Linux applications. Now it looks like one of those applications could be the Dolphin emulator, which lets you play Nintendo GameCube and Wii games on a computer or other supported devices. Read more

Openwashing Leftovers

Linux Foundation: New Members, Cloud Foundry, and Embedded Linux Conference + OpenIoT Summit

  • 41 Organizations Join The Linux Foundation to Support Open Source Communities With Infrastructure and Resources
    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the addition of 28 Silver members and 13 Associate members. Linux Foundation members help support development of the shared technology resources, while accelerating their own innovation through open source leadership and participation. Linux Foundation member contributions help provide the infrastructure and resources that enable the world's largest open collaboration communities.
  • Cloud Foundry for Developers: Architecture
    Back in the olden days, provisioning and managing IT stacks was complex, time-consuming, and error-prone. Getting the resources to do your job could take weeks or months. Infrastructure-as-a-Service (IaaS) was the first major step in automating IT stacks, and introduced the self-service provisioning and configuration model. VMware and Amazon were among the largest early developers and service providers. Platform-as-a-Service (PaaS) adds the layer to IaaS that provides application development and management. Cloud Foundry is for building Platform as a Service (PaaS) projects, which bundle servers, networks, storage, operating systems, middleware, databases, and development tools into scalable, centrally-managed hardware and software stacks. That is a lot of work to do manually, so it takes a lot of software to automate it.
  • Jonathan Corbet on Linux Kernel Contributions, Community, and Core Needs
    At the recent Embedded Linux Conference + OpenIoT Summit, I sat down with Jonathan Corbet, the founder and editor-in-chief of LWN to discuss a wide range of topics, including the annual Linux kernel report. The annual Linux Kernel Development Report, released by The Linux Foundation is the evolution of work Corbet and Greg Kroah-Hartman had been doing independently for years. The goal of the report is to document various facets of kernel development, such as who is doing the work, what is the pace of the work, and which companies are supporting the work.